
(ITS#3651) slapd dies when using ldapadd.



Full_Name: Paul Webb
Version: 2.2.24 stable
OS: Fedora Core2
URL: 
Submission from: (NULL) (216.29.61.254)


This is most likely my fault, so I'm hoping someone can point out to me where I
screwed up.

I have a Red Hat Fedora Core2 box with all of the development and kernel tools
installed, but hardly any of the servers; I want to install all of the server
daemons myself to avoid the confusing distro-based paths and server installs
that Red Hat and others use. 

It should be noted that I previously have installed MySQL, Apache 1.x, and PHP
on this box. In the process of that install, I installed OpenSSL. All of these
were installed from source.

I installed BerkeleyDB.4.3.NS (Non-Secure) from source using the standard
./configure, make, make install routine without incident.

I then installed OpenLDAP using the following configure line:

env CPPFLAGS="-I/usr/local/BerkeleyDB.4.3/include -I/usr/local/ssl/include/openssl" \
LDFLAGS="-L/usr/local/BerkeleyDB.4.3/lib -L/usr/local/ssl/lib" \
./configure --with-tls --enable-slurpd --enable-crypt --enable-syslog --sysconfdir=/etc

When this completed successfully, I ran a make depend, make, make test, and make
install, all without problems.

I generated a symbolic link to my library using something like the following
command:
ln -s /usr/local/BerkeleyDB.4.3/lib/libdb-4.3.so /usr/include/libdb-4.3.so

(don't quote me on that one. I can't find the command itself -- but it resolved
the issue I was having with slapd failing)

I put the following slapd.conf file in /etc/openldap/slapd.conf:
--- BEGIN ---
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema

allow bind_v2
pidfile /var/run/slapd.pid

database bdb
suffix "dc=webbenabled,dc=com"
rootdn "cn=Manager,dc=webbenabled,dc=com"
rootpw {SSHA}(A Password Hash is Here)
directory /var/lib/ldap (This does exist)

index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub

---END---

I then ran slapd using the following line:

/usr/local/libexec/slapd -f /etc/openldap/slapd.conf -u ldap

(Yes, an LDAP user account exists)

The slapd daemon fired up without incident. Now time to add an LDIF file to it
to start. I used the following LDIF file:

---BEGIN---
dn: dc=webbenabled, dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: webbenabled
o: WebbEnabled Solutions LLC
---END---

... and imported it with the following command:

ldapadd -D 'dc=webbenabled, dc=com' -f webbenabled.ldif -W

I get the following message:

SASL/DIGEST-MD5 authentication started
ldap_sasl_interactive_bind_s: Can't contact LDAP server (-1)

So, I restart the daemon and switch to trying to add a known-good, not generated
by me, LDIF file. I get the same error.

So, I restart the daemon again, this time setting my debugging level high:

/usr/local/libexec/slapd -f /etc/openldap/slapd.conf -u ldap -d 5

and I retry again, using the original webbenabled.ldif file. I get the following
output below. I then tried with the known good one, and I got the same output:

---BEGIN---
[root@server1 build_unix]# /usr/local/libexec/slapd -d 5 -f
/etc/openldap/slapd.conf
@(#) $OpenLDAP: slapd 2.2.24 (Apr 11 2005 00:34:17) $
        root@server1.int.webbenabled.com:/downloads/openldap-2.2.24/servers/slapd
daemon_init: <null>
daemon_init: listen on ldap:///
daemon_init: 1 listeners to open...
ldap_url_parse_ext(ldap:///)
daemon: IPv6 socket() failed errno=97 (Address family not supported by
protocol)
daemon: initialized ldap:///
daemon_init: 2 listeners opened
slapd init: initiated server.
slap_sasl_init: initialized!
bdb_back_initialize: initialize BDB backend
bdb_back_initialize: Sleepycat Software: Berkeley DB 4.3.27: (December 22,
2004)
>>> dnNormalize: <cn=Subschema>
=> ldap_bv2dn(cn=Subschema,0)
ldap_err2string
<= ldap_bv2dn(cn=Subschema)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=subschema)=0 Success
<<< dnNormalize: <cn=subschema>
bdb_db_init: Initializing BDB database
>>> dnPrettyNormal: <dc=webbenabled,dc=com>
=> ldap_bv2dn(dc=webbenabled,dc=com,0)
ldap_err2string
<= ldap_bv2dn(dc=webbenabled,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=webbenabled,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(dc=webbenabled,dc=com)=0 Success
<<< dnPrettyNormal: <dc=webbenabled,dc=com>, <dc=webbenabled,dc=com>
>>> dnPrettyNormal: <cn=Manager,dc=webbenabled,dc=com>
=> ldap_bv2dn(cn=Manager,dc=webbenabled,dc=com,0)
ldap_err2string
<= ldap_bv2dn(cn=Manager,dc=webbenabled,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=Manager,dc=webbenabled,dc=com)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(cn=manager,dc=webbenabled,dc=com)=0 Success
<<< dnPrettyNormal: <cn=Manager,dc=webbenabled,dc=com>,
<cn=manager,dc=webbenabled,dc=com>
matching_rule_use_init
    1.2.840.113556.1.4.804 (integerBitOrMatch): matchingRuleUse: (
1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( oncRpcNumber $
ipProtocolNumber $ ipServicePort $ shadowFlag $ shadowExpire $ shadowInactive $
shadowWarning $ shadowMax $ shadowMin $ shadowLastChange $ gidNumber $ uidNumber
$ mailPreferenceOption $ supportedLDAPVersion ) )
    1.2.840.113556.1.4.803 (integerBitAndMatch): matchingRuleUse: (
1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( oncRpcNumber $
ipProtocolNumber $ ipServicePort $ shadowFlag $ shadowExpire $ shadowInactive $
shadowWarning $ shadowMax $ shadowMin $ shadowLastChange $ gidNumber $ uidNumber
$ mailPreferenceOption $ supportedLDAPVersion ) )
    1.3.6.1.4.1.1466.109.114.2 (caseIgnoreIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( nisMapEntry $
bootFile $ macAddress $ ipNetmaskNumber $ ipNetworkNumber $ ipHostNumber $
memberNisNetgroup $ memberUid $ loginShell $ homeDirectory $ gecos $
janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $ mDRecord $
aRecord $ email $ associatedDomain $ dc $ mail $ altServer ) )
    1.3.6.1.4.1.1466.109.114.1 (caseExactIA5Match): matchingRuleUse: (
1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( nisMapEntry $
bootFile $ macAddress $ ipNetmaskNumber $ ipNetworkNumber $ ipHostNumber $
memberNisNetgroup $ memberUid $ loginShell $ homeDirectory $ gecos $
janetMailbox $ cNAMERecord $ sOARecord $ nSRecord $ mXRecord $ mDRecord $
aRecord $ email $ associatedDomain $ dc $ mail $ altServer ) )
    2.5.13.35 (certificateMatch): matchingRuleUse: ( 2.5.13.35 NAME
'certificateMatch' APPLIES ( cACertificate $ userCertificate ) )
    2.5.13.34 (certificateExactMatch): matchingRuleUse: ( 2.5.13.34 NAME
'certificateExactMatch' APPLIES ( cACertificate $ userCertificate ) )
    2.5.13.30 (objectIdentifierFirstComponentMatch): matchingRuleUse: (
2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES (
supportedApplicationContext $ ldapSyntaxes $ supportedFeatures $
supportedExtension $ supportedControl ) )
    2.5.13.29 (integerFirstComponentMatch): matchingRuleUse: ( 2.5.13.29 NAME
'integerFirstComponentMatch' APPLIES ( oncRpcNumber $ ipProtocolNumber $
ipServicePort $ shadowFlag $ shadowExpire $ shadowInactive $ shadowWarning $
shadowMax $ shadowMin $ shadowLastChange $ gidNumber $ uidNumber $
mailPreferenceOption $ supportedLDAPVersion ) )
    2.5.13.27 (generalizedTimeMatch): matchingRuleUse: ( 2.5.13.27 NAME
'generalizedTimeMatch' APPLIES ( modifyTimestamp $ createTimestamp ) )
    2.5.13.24 (protocolInformationMatch): matchingRuleUse: ( 2.5.13.24 NAME
'protocolInformationMatch' APPLIES protocolInformation )
    2.5.13.23 (uniqueMemberMatch): matchingRuleUse: ( 2.5.13.23 NAME
'uniqueMemberMatch' APPLIES uniqueMember )
    2.5.13.22 (presentationAddressMatch): matchingRuleUse: ( 2.5.13.22 NAME
'presentationAddressMatch' APPLIES presentationAddress )
    2.5.13.20 (telephoneNumberMatch): matchingRuleUse: ( 2.5.13.20 NAME
'telephoneNumberMatch' APPLIES ( pager $ mobile $ homePhone $ telephoneNumber )
)
    2.5.13.17 (octetStringMatch): matchingRuleUse: ( 2.5.13.17 NAME
'octetStringMatch' APPLIES userPassword )
    2.5.13.16 (bitStringMatch): matchingRuleUse: ( 2.5.13.16 NAME
'bitStringMatch' APPLIES x500UniqueIdentifier )
    2.5.13.14 (integerMatch): matchingRuleUse: ( 2.5.13.14 NAME 'integerMatch'
APPLIES ( oncRpcNumber $ ipProtocolNumber $ ipServicePort $ shadowFlag $
shadowExpire $ shadowInactive $ shadowWarning $ shadowMax $ shadowMin $
shadowLastChange $ gidNumber $ uidNumber $ mailPreferenceOption $
supportedLDAPVersion ) )
    2.5.13.13 (booleanMatch): matchingRuleUse: ( 2.5.13.13 NAME 'booleanMatch'
APPLIES hasSubordinates )
    2.5.13.11 (caseIgnoreListMatch): matchingRuleUse: ( 2.5.13.11 NAME
'caseIgnoreListMatch' APPLIES ( homePostalAddress $ registeredAddress $
postalAddress ) )
    2.5.13.8 (numericStringMatch): matchingRuleUse: ( 2.5.13.8 NAME
'numericStringMatch' APPLIES ( internationaliSDNNumber $ x121Address ) )
    2.5.13.7 (caseExactSubstringsMatch): matchingRuleUse: ( 2.5.13.7 NAME
'caseExactSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber ) )
    2.5.13.6 (caseExactOrderingMatch): matchingRuleUse: ( 2.5.13.6 NAME
'caseExactOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber ) )
    2.5.13.5 (caseExactMatch): matchingRuleUse: ( 2.5.13.5 NAME 'caseExactMatch'
APPLIES ( nisMapName $ ipServiceProtocol $ preferredLanguage $ employeeType $
employeeNumber $ displayName $ departmentNumber $ carLicense $ documentPublisher
$ buildingName $ organizationalStatus $ uniqueIdentifier $ co $ personalTitle $
documentLocation $ documentVersion $ documentTitle $ documentIdentifier $ host $
userClass $ roomNumber $ drink $ info $ textEncodedORAddress $ uid $ dmdName $
houseIdentifier $ dnQualifier $ generationQualifier $ initials $ givenName $
destinationIndicator $ physicalDeliveryOfficeName $ postOfficeBox $ postalCode $
businessCategory $ description $ title $ ou $ o $ street $ st $ l $ c $
serialNumber $ sn $ knowledgeInformation $ labeledURI $ cn $ name $ ref $
vendorVersion $ vendorName $ supportedSASLMechanisms ) )
    2.5.13.4 (caseIgnoreSubstringsMatch): matchingRuleUse: ( 2.5.13.4 NAME
'caseIgnoreSubstringsMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber ) )
    2.5.13.3 (caseIgnoreOrderingMatch): matchingRuleUse: ( 2.5.13.3 NAME
'caseIgnoreOrderingMatch' APPLIES ( dnQualifier $ destinationIndicator $
serialNumber ) )
    2.5.13.2 (caseIgnoreMatch): matchingRuleUse: ( 2.5.13.2 NAME
'caseIgnoreMatch' APPLIES ( nisMapName $ ipServiceProtocol $ preferredLanguage $
employeeType $ employeeNumber $ displayName $ departmentNumber $ carLicense $
documentPublisher $ buildingName $ organizationalStatus $ uniqueIdentifier $ co
$ personalTitle $ documentLocation $ documentVersion $ documentTitle $
documentIdentifier $ host $ userClass $ roomNumber $ drink $ info $
textEncodedORAddress $ uid $ dmdName $ houseIdentifier $ dnQualifier $
generationQualifier $ initials $ givenName $ destinationIndicator $
physicalDeliveryOfficeName $ postOfficeBox $ postalCode $ businessCategory $
description $ title $ ou $ o $ street $ st $ l $ c $ serialNumber $ sn $
knowledgeInformation $ labeledURI $ cn $ name $ ref $ vendorVersion $ vendorName
$ supportedSASLMechanisms ) )
    2.5.13.1 (distinguishedNameMatch): matchingRuleUse: ( 2.5.13.1 NAME
'distinguishedNameMatch' APPLIES ( dITRedirect $ associatedName $ secretary $
documentAuthor $ manager $ seeAlso $ roleOccupant $ owner $ member $
distinguishedName $ aliasedObjectName $ namingContexts $ subschemaSubentry $
modifiersName $ creatorsName ) )
    2.5.13.0 (objectIdentifierMatch): matchingRuleUse: ( 2.5.13.0 NAME
'objectIdentifierMatch' APPLIES ( supportedApplicationContext $
supportedFeatures $ supportedExtension $ supportedControl ) )
slapd startup: initiated.
backend_startup: starting "dc=webbenabled,dc=com"
bdb_db_open: dc=webbenabled,dc=com
bdb_db_open: dbenv_open(/var/lib/ldap)
slapd starting
ldap_pvt_gethostbyname_a: host=server1.xxx.webbenabled.com, r=0
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 62 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_search
ber_scanf fmt ({miiiib) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
SRCH "" 0 0    0 0 0
ber_scanf fmt (m) ber:
    filter: (objectClass=*)
ber_scanf fmt ({M}}) ber:
    attrs: supportedSASLMechanisms
=> send_search_entry: dn=""
ber_flush: 62 bytes to sd 11
<= send_search_entry
send_ldap_result: conn=0 op=0 p=3
send_ldap_result: err=0 matched="" text=""
send_ldap_response: msgid=1 tag=101 err=0
ber_flush: 14 bytes to sd 11
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 24 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
==> sasl_bind: dn="" mech=DIGEST-MD5 datalen=0
SASL [conn=0] Debug: DIGEST-MD5 server step 1
send_ldap_sasl: err=14 len=200
send_ldap_response: msgid=2 tag=97 err=14
ber_flush: 219 bytes to sd 11
<== slap_sasl_bind: rc=14
connection_get(11)
connection_get(11): got connid=0
connection_read(11): checking for input on id=0
ber_get_next
ber_get_next: tag 0x30 len 330 contents:
ber_get_next
ber_get_next on fd 11 failed errno=11 (Resource temporarily unavailable)
do_bind
ber_scanf fmt ({imt) ber:
ber_scanf fmt ({m) ber:
ber_scanf fmt (m) ber:
ber_scanf fmt (}}) ber:
>>> dnPrettyNormal: <>
<<< dnPrettyNormal: <>, <>
do_sasl_bind: dn () mech DIGEST-MD5
==> sasl_bind: dn="" mech=<continuing> datalen=298
SASL [conn=0] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=0]: authcid="root"
slap_sasl_getdn: id=root [len=4]
=> ldap_dn2bv(16)
ldap_err2string
<= ldap_dn2bv(uid=root,cn=DIGEST-MD5,cn=auth)=0 Success
slap_sasl_getdn: u:id converted to uid=root,cn=DIGEST-MD5,cn=auth
>>> dnNormalize: <uid=root,cn=DIGEST-MD5,cn=auth>
=> ldap_bv2dn(uid=root,cn=DIGEST-MD5,cn=auth,0)
ldap_err2string
<= ldap_bv2dn(uid=root,cn=DIGEST-MD5,cn=auth)=0 Success
=> ldap_dn2bv(272)
ldap_err2string
<= ldap_dn2bv(uid=root,cn=digest-md5,cn=auth)=0 Success
<<< dnNormalize: <uid=root,cn=digest-md5,cn=auth>
==>slap_sasl2dn: converting SASL name uid=root,cn=digest-md5,cn=auth to a DN
slap_sasl_regexp: converting SASL name uid=root,cn=digest-md5,cn=auth
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]: slapAuthcDN="uid=root,cn=digest-md5,cn=auth"
Killed
---END---

Any ideas what I've done incorrectly?

Thanks in advance for your help!
--
Paul Webb
WebbEnabled Solutions, LLC
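
One way to triage a trace like the one in this report, as an added example that is not part of the original submission or of OpenLDAP: it pairs each `do_*` operation with its `send_ldap_response` line and flags the operation that never got a reply before the process died. `SAMPLE_TRACE` is a constructed excerpt of lines from the trace above, and the function names are hypothetical.

```python
import re

# LDAP result codes that appear in the trace (0 and 14 are standard LDAPv3 codes).
RESULT_NAMES = {0: "success", 14: "saslBindInProgress"}

# Constructed excerpt: a shortened copy of lines from the slapd -d 5 output in the report.
SAMPLE_TRACE = """\
do_search
SRCH "" 0 0    0 0 0
send_ldap_response: msgid=1 tag=101 err=0
do_bind
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=0] Debug: DIGEST-MD5 server step 1
send_ldap_response: msgid=2 tag=97 err=14
do_bind
do_sasl_bind: dn () mech DIGEST-MD5
SASL [conn=0] Debug: DIGEST-MD5 server step 2
SASL Canonicalize [conn=0]: authcid="root"
<==slap_sasl2dn: Converted SASL name to <nothing>
SASL Canonicalize [conn=0]: slapAuthcDN="uid=root,cn=digest-md5,cn=auth"
Killed
"""

def parse_trace(text):
    """Group trace lines into operations; err stays None if no response was logged."""
    ops, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"do_\w+", line):          # e.g. do_search, do_bind
            cur = {"op": line[3:], "mech": None, "authcid": None,
                   "authc_dn": None, "err": None}
            ops.append(cur)
        elif cur is None:
            continue                                # line outside any operation
        elif m := re.match(r"do_sasl_bind: dn \(.*?\) mech (\S+)", line):
            cur["mech"] = m.group(1)
        elif m := re.search(r'authcid="([^"]*)"', line):
            cur["authcid"] = m.group(1)
        elif m := re.search(r'slapAuthcDN="([^"]*)"', line):
            cur["authc_dn"] = m.group(1)
        elif m := re.match(r"send_ldap_response: msgid=\d+ tag=\d+ err=(\d+)", line):
            cur["err"] = int(m.group(1))
            cur = None                              # operation answered, close it
    return ops

def unanswered(ops):
    """Operations the server started but never replied to."""
    return [o for o in ops if o["err"] is None]

if __name__ == "__main__":
    for o in parse_trace(SAMPLE_TRACE):
        status = "NO RESPONSE LOGGED" if o["err"] is None else RESULT_NAMES.get(o["err"], o["err"])
        print(o["op"], o["mech"] or "-", o["authc_dn"] or "-", status)
```

On the excerpt, the search and the first bind step are answered (`err=0`, then `err=14`), and the second DIGEST-MD5 step for `authcid="root"` is the only operation with no response line.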